As "Kerberos - The Definitive Guide" by O'Reilly states: "... as long as the users have DES keys enabled in AD, they will be able to kinit to the Windows DC without a problem ..."
On Wednesday 19 April 2006 23:41, Didier Caamaqo wrote: > Greetings: > > I have a small Windows network and I'm trying to implement an OpenBSD box to > be my file server and print server. What I'm trying to accomplish is: > configure Samba to publish the share directories so the users can store their > files there but at the same time authenticate the users against the Domain > Controller, pulling the account information from AD and not having to manually > add that info with smbpasswd. > > Kerberos, as far as I know, is working fine, at least it tries to connect to > the realm, but then it gives a Password Incorrect Message. I know many of you > will respond that I am typing the password incorrectly, first I thought that > too, but then I went and tried the account in a windows client and it worked. > > If it is of any help, I downloaded and installed Samba with LDAP support and > created the computer account in the Windows AD. > > This is my krb5.conf file > > [libdefaults] > # Set the realm of this host here > default_realm = DOMAIN.COM > ticket_lifetime = 60000 > clockskew = 300 > > [realms] > DOMAIN.COM = { > kdc = 10.0.0.1 > kdc = 10.0.0.1:88 > admin_server = 10.0.0.1:749 > } > > [domain_realm] > .domain.com = DOMAIN.COM > domain.com = DOMAIN.COM > > > and this is the command I'm issuing in order to get tickets from the KDC (the > domain controller) > > Code: > > # kinit [EMAIL PROTECTED] > [EMAIL PROTECTED]'s Password: > kinit: Password incorrect > > > Any help or hint of how I might connect to kerberos will be appreciated, > probably there's something I'm doing wrong or I'm missing. Thank you all in > advance. > > > > Didier Caamaqo > > Director Departamento Informatica > > Sociedad Comercial Electrocenter Ltda. > > Correo Electrsnico: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > Telifono: 02 - 584 - 7039